First published: Tue Sep 13 2022(Updated: )
GHSA-47m6-46mj-p235: By-passing Cross-Site Scripting Protection in HTML Sanitizer
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/typo3/cms | >=10.0.0<10.4.32>=11.0.0<11.5.16 | |
composer/typo3/html-sanitizer | >=1.0.0<1.0.7>=2.0.0<2.0.16 | |
composer/typo3/cms-core | >=10.0.0<10.4.32>=11.0.0<11.5.16 | |
TYPO3 HTML Sanitizer | >=1.0.0<1.0.7 | |
TYPO3 HTML Sanitizer | >=2.0.0<2.0.16 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-36020.
The severity of CVE-2022-36020 is medium with a CVSS score of 6.1.
The TYPO3 CMS package versions 10.0.0 to 10.4.32 and 11.0.0 to 11.5.16, as well as the TYPO3 HTML Sanitizer package versions 1.0.0 to 1.0.7 and 2.0.0 to 2.0.16 are affected by CVE-2022-36020.
To fix CVE-2022-36020, update the TYPO3 CMS package to a version beyond 10.4.32 or 11.5.16, and update the TYPO3 HTML Sanitizer package to a version beyond 1.0.7 or 2.0.16.
You can find more information about CVE-2022-36020 in the TYPO3 security advisory TYPO3-CORE-SA-2022-011 and the GitHub security advisories GHSA-47m6-46mj-p235.